W3C home > Mailing lists > Public > public-web-security@w3.org > December 2011

Re: Proposed directive for CSP.next: "no-user-js"

From: Michal Zalewski <lcamtuf@coredump.cx>
Date: Wed, 14 Dec 2011 14:15:10 -0800
Message-ID: <CALx_OUDFTdCc9iD+1hLZa31GeC_cJw+Pu+oWq=Sr_t35vshyyw@mail.gmail.com>
To: Brandon Sterne <bsterne@mozilla.com>
Cc: public-web-security@w3.org
Or to put this differently, there is some risk that if you put browser
configuration settings in scope for CSP, you will end up with MSIE
zone model at some point ;-)
Received on Wednesday, 14 December 2011 22:16:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 14 December 2011 22:16:03 GMT